PT-2024-9091 · Zabbix+4 · Zabbix+4
Vjaceslavs Bogdanovs · Published 2024-11-27 · Updated 2025-10-08 · CVE-2024-42332
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Zabbix (affected versions not specified)
Description:
The issue stems from improper handling of SNMP trap log output: an attacker can craft SNMP traps that carry additional information, causing forged data to be displayed in the Zabbix user interface. The attack requires that SNMP authentication be disabled or that the attacker knows the community or authentication details. It also requires an SNMP item to be configured as text on the target host. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Encoding or Escaping of Output
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Red Os
Zabbix